Introduction
Your privacy is very important to us. This notice (this “Privacy Notice”) is provided by Empyrean Capital Partners, LP (together with each of the private investment funds and accounts it advises, and other related entities, “Empyrean,” “we,” “our,” or “us”), and sets forth Empyrean’s policies for the collection, use, storage, sharing, disclosure (collectively, “processing”) and protection of your personal data as a visitor of Empyrean’s website, and/or a current, prospective or former investor, as applicable. This Privacy Notice is being provided in accordance with the requirements of applicable data privacy laws, including the EU General Data Protection Regulation 2016/679 (“EU GDPR”), the UK GDPR (as defined below) the US Gramm-Leach-Bliley Act of 1999, as amended (with any implementing regulations, “GLBA”), the Data Protection Act (“DPA”) of the Cayman Islands, as amended, and the California Consumer Privacy Act California Consumer Privacy Act (with any implementing regulations and as may be amended from time to time, “CCPA”). References to “you” or an “investor” in this Privacy Notice means any visitor of Empyrean’s website, current, prospective or former investor, managed account client, as applicable, who is an individual, or any individual connected with the foregoing who is a legal person. For the purposes of the DPA, the Fund is the data controller.
The rights discussed in certain sections of this Privacy Notice may be subject to exemptions or other limitations under applicable law. Please review this Privacy Notice carefully to understand what we do in regards to your personal data, and where applicable, the following sections:
- If you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”) and subject to the EU GDPR or the EU GDPR as it forms part of the laws of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (the “UK GDPR”, and, together with the EU GDPR, the “GDPR”), or if you are an investor who is, or is associated with investors in our funds based in the Cayman Islands (the “Cayman Funds”) and subject to the DPA, and any other applicable law relating to privacy or the processing of personal data and any statutory instrument, order, rule or regulation implemented thereunder, each as applicable to Empyrean (collectively “Data Protection Laws”), please review this Privacy Notice and see the below section, “Additional Information for EEA and UK Data Subjects and Cayman Investors,” for a description of your rights and other information related to the GDPR and DPA.
- If you are a California resident, please review the below section, “Additional Information for California Residents” for additional disclosures, our notice at collection, and a description of your rights under the CCPA.
Our Collection of Personal Data
We may collect personal data about you to facilitate your investments and for our business and commercial purposes. “Personal data” for the purposes of this Privacy Notice means any information that can help us directly or indirectly identify you and includes nonpublic personal information and personal information as defined under the CCPA with regard to California residents.
We may collect certain types of personal data from or about you, including:
- Identifiers and similar information, such as your name, signature, address, date and place of birth, email address, social security number, driver’s license number, tax identification number, passport number, online identifiers or other similar identifiers.
- Additional information protected under certain federal or state laws such as a signature, education information, credit history, social security number, state identification number, credit card, bank account, assets and net worth, account balances, wire instructions, or other financial information.
- Characteristics of protected classifications under certain federal or state laws, including gender, national origin, or marital status.
- Certain information that may qualify as “special category” data or sensitive personal data under the GDPR or DPA such as the commission, or alleged commission, of an offence and any proceedings for any offence committed.
- Commercial information, including records of products or services purchased, obtained, or considered, or other purchasing histories or tendencies, including funds in which you are invested, investments considered, or sources of wealth.
- Internet or other electronic network activity information, including interactions with our website or use of certain online tools, and IP addresses.
- Audio, electronic, visual, or similar information, such as photographs, voicemails or interactions with us on video communications platforms.
- Professional or employment-related information, including investment experience, occupation, place of business, compensation, employer, and title.
- Inferences drawn from any of the information identified above to create a profile reflecting your preferences or similar information, including your potential interest in investing in new funds.
How We Collect Personal Data
We may collect personal data directly from or about you and/or your intermediaries, service providers or affiliates through sources such as: (i) account applications, subscription agreements, and other forms or related documentation; (ii) written, electronic, or verbal correspondence with us or our service providers; (iii) investor transactions; (iv) an investor’s brokerage or financial advisory firm, financial advisor, or consultant; and/or (v) from information captured on applicable websites.
We may also collect personal data from different sources, such as: (i) our business partners or service providers; (ii) public websites or other publicly accessible directories and sources, including bankruptcy registers, tax authorities, governmental agencies and departments, and regulatory authorities; and/or (iii) from credit reporting agencies, sanctions screening databases, or from sources designed to detect and prevent fraud.
Using Your Personal Data
We may collect, use, or process your personal data for our business or commercial purposes such as: (i) performing services on behalf of a fund and administering our relationship with you, including fulfilling your requests, maintaining and servicing accounts, providing investor relations services, processing subscriptions, withdrawals and redemptions (as applicable), verifying information, processing payments, communicating with you, and reporting or providing similar services; (ii) where permitted by applicable law, providing you with direct marketing of our products and services or promotional materials; (iii) detecting security incidents and protecting against malicious, deceptive, fraudulent, or illegal activity, including preventing fraud and conducting “Know Your Client,” anti-money laundering, terrorist financing, and conflict checks; (iv) internal operations, including monitoring and analysing our activities and administering and improving our website; and (v) complying with applicable legal or regulatory requirements (including anti-money laundering, fraud prevention, tax reporting, sanctions compliance, or responding to requests for information from supervisory authorities with competent jurisdiction over our business).
Please note that where personal data is required to satisfy a statutory obligation (including compliance with applicable anti-money laundering or sanctions requirements) or a contractual requirement, failure to provide such information may result in your subscription in the applicable fund being rejected or compulsorily redeemed or withdrawn, as applicable. Where there is suspicion of unlawful activity, failure to provide personal data may result in the submission of a report to the relevant law enforcement agency or supervisory authority.
Disclosure of Personal Data
We may share all of the personal data that we collect, as described above, for our everyday business purposes and with each other in order to service your account (including processing transactions and maintaining your account), or to provide you with information about services that may be of interest to you.
We may also share such personal data with non-affiliated entities such as placement agents for marketing purposes, such as offering our products or services. Otherwise, we do not disclose any personal data about you to non-affiliated entities, except for our everyday business purposes, which may include: (i) to service providers, including the administrator and the sub-administrator of the private investment funds and managed account clients we advise, our auditors, our lawyers, our prime brokers, custodians and executing brokers and trading counterparties; (ii) at your request or direction or with your consent; (iii) enabling or effecting commercial transactions; (iv) as reasonably necessary to prevent fraud, unauthorized transactions or liability; (v) to respond to governmental organizations, court orders, self-regulatory organizations, legal investigations, or to report to credit bureaus; (vi) in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution, or liquidation); or as otherwise permitted or required by law.
It may also be necessary, under anti-money laundering and similar laws, to disclose information about you in order to accept subscriptions or to facilitate the establishment of business relationships with service providers.
Rights to Limited Sharing
Federal law gives you the right to limit some but not all sharing of your nonpublic personal information We do not: (i) share nonpublic personal information with non-affiliates to market to you; (ii) engage in joint marketing with non-affiliates; (iii) share nonpublic personal information with affiliates to market to you; or (iv) share nonpublic personal information about your creditworthiness with affiliates. However, state laws in the United States may give you additional rights to limit sharing.
Retention Periods and Security Measures
We will not retain personal data for longer than is necessary in relation to the purpose for which it is collected, subject to applicable law, including applicable Data Protection Laws. Personal data will be retained, at a minimum, for the duration of any investment you make in the private investment funds we advise, and for a minimum period of five to seven years after your redemption or withdrawal, as applicable, or the liquidation of a fund or managed account client. We may retain personal data for a longer period for the purpose of marketing our products and services or compliance with applicable law. From time to time, we will review the purpose for which personal data has been collected and decide whether to retain it or to delete if it no longer serves any purpose to us.
We seek to carefully safeguard your private information and, to that end, restrict access to personal data about you to those employees and agents who we determine need to know the information to enable us to provide services and products to you and to conduct our business operations. To protect your personal data from unauthorized access and use, we take reasonable steps to use organizational, technical, administrative, and physical security measures in accordance with applicable law. These measures include physical, electronic and procedural safeguards to protect your personal data (i.e., computer safeguards and secured files and buildings). We will notify you of any material personal data breaches affecting you in accordance with the requirements of applicable laws, including applicable Data Protection Laws.
International Transfers
Because of the international nature of Empyrean’s business, personal data may be transferred to countries outside the EEA, the UK, or the Cayman Islands (“Third Countries”), such as to jurisdictions where we conduct business or have a service provider (including but not limited to technical service providers and electronic data storage providers). These Third Countries, including, but not limited to, the United States, may not have the same level of data protection as that afforded by the Data Protection Laws in the EEA, the UK, or the Cayman Islands. In such cases, we will process personal data (or procure that it be processed) in the Third Countries in accordance with the requirements of applicable Data Protection Laws, which may include having appropriate contractual undertakings in legal agreements with service providers who process personal data on our behalf in such Third Countries.
In circumstances where we transfer personal data outside the EEA, the UK, or the Cayman Islands we will seek to ensure a similar degree of protection is afforded to it by ensuring that, where possible, personal data is generally transferred only to persons in countries outside the EEA, the UK or the Cayman Islands in one of the following circumstances:
- to persons and undertakings in countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, the Cayman Islands Ombudsman, or the equivalent entity in the UK (as applicable);
- to persons and undertakings to whom the transfer of such personal data is made pursuant to a contract that is compliant with the model contracts for the transfer of personal data to third countries from time to time approved by the European Commission (as supplemented where and if required), the Cayman Islands Ombudsman or the equivalent entity in the UK (as applicable);
- to persons and undertakings outside of the EEA, the UK, or the Cayman Islands pursuant to other appropriate safeguards for the transfer of personal data as set out in the GDPR, UK GDPR or DPA (as applicable); or
- only on one of the conditions allowed under the GDPR or DPA (as applicable) in the absence of (i) a decision by the European Commission, the Cayman Islands Ombudsman, or the equivalent entity in the UK that has deemed a country to provide an adequate level of protection for personal data (i.e. an adequacy decision) or (ii) appropriate safeguards such as a contract that is compliant with the model contracts for the transfer of personal data to third countries approved by the European Commission, the Cayman Islands Ombudsman, or the equivalent entity in the UK.
You can contact us through the information provided in “Who to Contact About this Privacy Notice,” below for further information on specific mechanisms we utilize for transferring personal data outside the EEA, the UK, or the Cayman Islands and the countries to which such transfer may be made (which may include, but are not limited to, the United States).
Additional Information for EEA and UK Data Subjects and Cayman Investors
Data Protection Laws impose certain obligations on us and grants certain right to data subjects or individuals covered by those laws. For purposes of the GDPR we are a “controller” and for purposes of the DPA we are a “data controller.” “Personal data” and other terms as used in this section have the same meaning provided in the Data Protection Laws.
Legal Basis
As described above in “Our Collection of Personal Data” and “Using Your Personal Data,” we process personal data for various purposes. Our lawful bases for processing such personal data include: (i) where it is necessary for our legitimate interests in connection with our investment advisory business (or those of a third party) and your interests and fundamental rights do not override those interests; (ii) to comply with certain legal and regulatory requirements; (iii) depending on the circumstances, we may need to process your personal data for the performance of a contract to which you are a party, or related pre-contractual steps; and (iv) with your consent, as required by the GDPR and DPA (as applicable).
Your Rights Under Data Protection Laws
Data subjects in the EEA and UK have certain rights under GDPR (and, as applicable, the DPA) in relation to our processing of their personal data and these are, generally: (i) the right to request access to their personal data; (ii) the right to request rectification of their personal data; (iii) in certain circumstances the right to request erasure of their personal data (the “right to be forgotten”); (iv) the right to restrict our processing or use of personal data; (v) the right to object to our processing or use where we have considered this to be necessary for our legitimate interests (such as in the case of direct marketing activities); (vi) where relevant, the right to request data portability; (vii) where their consent to processing has been obtained, the right to withdraw their consent at any time; and (viii) the right to lodge a complaint with a supervisory authority (including, if applicable, the Cayman Islands Ombudsman who may be contacted at info@ombudsman.ky or the relevant EU member state or UK data protection authority). Please note that the right to be forgotten that applies in certain circumstances under the GDPR is not likely to be available in respect of the personal data we hold, given the purpose for which we collect such data, as described above. You can exercise these rights by contacting us at privacy@empyrean.com.
Additional Information for California Residents
The CCPA imposes certain obligations on us and grants certain rights to California residents (“California resident,” “you” or “your”) with regard to “personal information.” If you are a California resident, please review the following information about our privacy practices surrounding how and why we collect, use, disclose, and share your personal information and your potential rights regarding your personal information under the CCPA. The rights described in this section are subject to exemptions and other limitations under applicable law and the CCPA does not apply to certain information like personal information collected, processed, sold or disclosed pursuant to the federal GLBA and its implementing regulations.
Terms used in this section have the meaning ascribed to them in the CCPA. We are a “business.” “Personal information” as used in this section has the same meaning as in the CCPA. It does not include deidentified information, aggregate consumer information or publicly available information, as those terms are defined in the CCPA.
Notice at Collection and Use of Personal Information
Information We Collect
Depending on how you interact with us, we may collect the categories of personal information listed above in the section “Our Collection of Personal Data.”
How We Use Collected Information
We also may use personal information from California resident clients for the business or commercial purposes described above in the section “Using Your Personal Data.”
For more information about our privacy practices, please review our entire Privacy Notice, which is available starting on the first page of this document.
Our Collection, Use, Disclosure, and Sharing of Personal Information
What Information We Have Collected, the Sources from Which We Collected It, and Our Purpose for Collecting the Information
In the preceding 12 months, depending on how you interact with us, we may have collected the categories of personal information listed above in the section, “Our Collection of Personal Data.” We may collect personal information from all or some of the categories of sources listed in the section, “How We Collect Personal Data.” We may collect all or a few of these categories of personal information for the business or commercial purposes identified in the section, “Using Your Personal Data.”
Our Disclosure and Sharing of Personal Information
Empyrean does not sell your personal information. We do not knowingly sell the personal information of California residents under 16 years old. We may disclose personal information to third parties in circumstances where we believe in good faith that disclosure is required or permitted under law, to cooperate with regulators or law enforcement authorities, to protect our rights or property or upon reasonable request by the fund in which you have invested.
We may also share your personal information with our service providers such as our administrator, tax and accounting providers, IT providers, or CRM provider, other entities that have agreed to limitations on the use of your personal information, or entities that fit within other exemptions or exceptions in. or as otherwise permitted by, the CCPA.
California Residents’ Rights under the CCPA
If your personal information is subject to the CCPA, you may have certain rights concerning that information, subject to applicable exemptions and limitations, including the right to: (i) be informed, at or before the point of collection, of the categories of personal information to be collected and the purposes for which the categories of personal information shall be used; (ii) not be discriminated against because you exercise any of your rights under the CCPA; (iii) request that we delete any personal information about you that we collected or maintained, subject to certain exceptions (“Request to Delete”); (iv) opt-out of the “sale” (as that term is defined in the CCPA) of your personal information if a business sells your personal information (we do not); and (v) request that we, as a business that collects personal information about you and that discloses your personal information for a business purpose, disclose to you (“Request to Know”): (a) the categories of personal information we have collected about you; (b) the categories of sources from which we have collected the personal information; (c) the business or commercial purpose for collecting the personal information; (d) the categories of third parties with which we disclose personal information about you for a business purpose; (e) the specific pieces of personal information we have collected about you; and (f) the categories of personal information we have disclosed about you for a business purpose.
The CCPA does not restrict our ability to do certain things like comply with other laws or comply with regulatory investigations. In addition, the CCPA does not apply to certain information including, generally, personal information collected, processed, sold, or disclosed pursuant to the GLBA and its implementing regulations. We also reserve the right to retain, and not to delete, certain personal information after receipt of a Request to Delete from California resident clients where permitted by the CCPA or another law or regulation.
How to Submit a Request Under the CCPA
California resident clients may submit Requests to Know and Requests to Delete through the following methods: (1) emailing us at privacy@empyrean.com privacy@empyrean.comor (2) calling this toll-free telephone number: 833-396-2017.
We are required to provide certain information or to delete personal information only in response to verifiable requests made by you or your legally authorized agent. When you submit a Request to Know or Request to Delete, we may ask that you provide clarifying or identifying information to verify your request. Such information may include, depending on the sensitivity of the information you are requesting and the type of request you are making, your name and email address. Any information gathered as part of the verification process will be used for verification purposes only.
You are permitted to designate an authorized agent to submit a Request to Know or a Request to Delete on your behalf and have that authorized agent submit the request through the aforementioned methods. In order to be able to act, authorized agents have to submit proof that they are authorized to act on your behalf, or have a power of attorney. We may also require that you directly verify your own identity with us and directly confirm with us that you provided the authorized agent permission to submit the request.
Changes to this Privacy Notice
This Privacy Notice was last revised as of January 13, 2022. From time to time, we may update or revise this Privacy Notice. If there are changes to the terms of this Privacy Notice, documents containing the revised Privacy Notice will be updated.
Who to Contact About this Privacy Notice
Please contact our Chief Technologist & Security Officer by emailing privacy@empyrean.com or by writing to Empyrean Capital Partners, LP, 10250 Constellation Boulevard, Suite 2950, Los Angeles, California, 90067, Attn: Chief Technologist & Security Officer for any questions about this Privacy Notice or requests with regards to the personal data we hold.
For more specific information or requests in relation to the processing of personal data by our administrator, sub-administrator, auditors, lawyers, prime brokers, custodians or any other service providers, you may also contact the relevant service provider directly at the address specified in our Form ADV or by visiting their websites. Please note that our administrator, customer relationship management provider and information technology infrastructure provider may act as data controllers of your personal information in connection with the performance of their respective legal and contractual obligations to us. For further information you can access the administrator’s privacy notice at https://citco.com/footer/privacy-policy/, the customer relationship management provider’s privacy notice at https://bit.ly/3tSHGLH and the information technology infrastructure provider’s privacy notice at http://www.abacusgroupllc.com/privacy-policy.